In this post, we will see how to use Netstat for Network Troubleshooting in Windows 11/10. Ping and traceroute are quite useful when troubleshooting networks issues on a Linux server. In some cases, you may need to know more about the network to track down and resolve an issue. Netstat is one such command, which provides information about your network’s sockets along with other useful information. With this tool, you can also get results quickly through the command line, just like ping and traceroute.
What is Netstat?
According to IBM developerWorks, Netstat is one of the most useful tools in Linux when dealing with networking issues. It is a tool that can be used by Linux and other operating systems such as Windows to display the incoming and outgoing network connections. Aside from this, it can also collect detailed information about networks, protocols, and routing tables.
With netstat, you can diagnose network problems and measure how much traffic is flowing through the network. Therefore, it can be a very useful tool for tracking network performance and finding out what is causing outages, slowdowns, or bottlenecks.
How to Use Netstat for Network Troubleshooting
Here’s how to use Netstat for Network Troubleshooting:
- Run Command Prompt as an administrator.
- Now type the below command and press the Enter key:
netstat
- The columns may not make sense to you if you’re new to networking.
- Proto: It refers to the network protocol. It can either be TCP or UDP.
- Local Address: Your computer’s IP address and the ports associated with its network interfaces.
- Foreign Address: This refers to the IP address and port names of remote servers.
- State: It represents the connection is progressing. For instance, find active connections and close those that are idle.
With the netstat command, you can view the details of your active connections. Under the foreign address column, you’ll find the IP address and port.
Next to the IP addresses, use the following command to display the port numbers instead of the port names:
netstat -n
Moreover, the system can make connections or disconnect from networks, and the details of the networks can change from time to time. Accordingly, it is possible to refresh the network details of the netstat command at intervals by running the below command :
netstat -n 5
If you want to stop the refreshing, use the Ctrl+C keys.
Note: In the above command, 5 represents the frequency of refreshing every 5 seconds. If you want to increase or decrease this interval, you can modify the value.
Use netstat parameters to filter connection information
Netstat is a powerful command that can be used to display all the details about your device’s connection. Here are the most widely used netstat parameters that you can use to determine specific network details.
1] Show active and inactive connections
You can use this command to see which networks are active or inactive.
netstat -a
2] Show information about applications
It will list all applications that are related to the connections.
netstat -b
3] Stats about your network adapter
It displays incoming and outgoing packet statistics.
netstat -e
4] Show foreign addresses’ fully qualified domain name (FQDNS)
In case you are not interested in seeing port numbers or names for your foreign addresses, the following netstat parameter shows their fully qualified domain names instead.
netstat -f
5] Instead of names, show port numbers
It transforms the names of the foreign address ports into numbers.
netstat -n
6] Show the process ID
It includes an extra column for the Process ID (PID) of every connection like netstat.
netstat -o
7] Configure protocol filters to filter connections
The connection type you select is displayed here – UDP, TCP, TCPv6, or UDPv6.
netstat -p udp
Note: In the UDP part, change the protocol name to the one you would like to view.
8] List listening and non-listening ports
It identifies listening ports and non-listening ports bound to connections.
netstat -q
9] Group statistics by protocol
Networks can be classified based on their protocol – UDP, TCP, ICMP, IPv4, or IPv6.
netstat -s
10] Show the routing table
This will show you the routing table for your current network. The routing table lists all routes to destination and matrices on your system. This is similar to route printing.
netstat -r
11] Show offload state connections
It displays a list of the current connection offload status.
netstat -t
12] See the NetworkDirect connections
It will display all NetworkDirect connections.
netstat -x
13] Show connection templates
It displays the templates of TCP connections on your networks.
netstat -y
3] Combination of Netstat parameters
You can filter Netstat parameters in order to view information about your connections in the format that best suits your needs. As you can see above, the combined view can be displayed by adding a second parameter. For example, you can use the -s and -e parameters together to examine protocol statistics. By doing so, you can include additional parameters to narrow down your search.
Note: There is no need to add two dashes (-) when mixing multiple Netstat parameters. One dash (-) can be used to introduce the parameter letters instead of two.
Instead of typing this command:
netstat -s -e
You could write it as:
netstat - se
In case you remember the parameters, you can ask netstat for assistance. Simply run the following command:
netstat /?
You can stop the netstat query process by pressing CTRL + C anytime.
Read Next:
